Re: [squid-users] Re: msktutil: Error: ldap_set_option (option=) failed (Can't contact LDAP server)

From: Tom Tux <tomtux80_at_gmail.com>
Date: Tue, 29 Jun 2010 11:17:10 +0200

I have now disjoined this box from the domain and stopped winbind. As
I assumed, the msktutil-utility still does not work (same error: can't
contact ldap-server).

The server is accessible with port 389/636.
In a tcpdump, I see that there is encrypted traffic from the
squid-proxy to the domain-controller on port 389 (instead of 636).

Could the problem be a missing library? Did someone run this tool
successfully on sles11?

2010/6/29 Henrik Nordström <henrik_at_henriknordstrom.net>:
> Tue 2010-06-29 at 07:39 +0200, Tom Tux wrote:
>
>> The computer-account already exists in the ad (joined with "net ads join").
>
> Adding principals to a Samba-maintained computer account is a little
> tricky. I would recommend creating a new account and attaching the
> principal there.
>
> The main issue is that the key changes each time Samba updates the
> computer account (ADS only has a single key per account, not per SPN).
>
>> proxy-test-01:/usr/local/mskutil-0.4/sbin # ktutil
>> ktutil:  rkt /etc/krb5.keytab
>> ktutil:  l
>> slot KVNO Principal
>
> You need to tell it which keytab to look into.
>
> Regards
> Henrik
>
>
Received on Tue Jun 29 2010 - 09:17:21 MDT